ScriptRock attended the DevOps Enterprise Summit recently, and we had a blast. We talked to people non-stop for three days, gave countless GuardRail demonstrations, caught a few talks, made some new friends, and learned a lot from attendees about the kinds of challenges they face implementing DevOps. (And hey, did you guys try those breakfast burritos they had on day 2? Delicious.)
A vulnerability was recently announced by Google, named POODLE, which targets SSLv3 connections. SSLv3 is an older encryption protocol in the SSL/TLS family. Most modern browsers default to newer versions of TLS instead of SSL, e.g., TLSv1.2.
News about the major bash vulnerability dubbed Shell Shock is reaching far and wide at the moment, and for good reason — its effects have the potential to reach even further than its distant cousin Heartbleed had previously. IT departments have been scrambling not only to patch machines, but to even find affected machines on their own networks. As config monitoring becomes commonplace, however, today's headache will probably be remembered as something that could've been just a simple nuisance.
While both OpenSSL (responsible for Heartbleed) and the bash shell (where Shell Shock gets its name) are found in datacenters and businesses in every corner in the world, that's where the similarities end. The mechanisms exploiting the two vulnerabilities are entirely different, despite the tech media continuing to compare the two.
Some people, we won't say who, have taken to poking fun at the idea of thought leadership in DevOps. We'd like to set the record straight: here at ScriptRock, the only problem we have with thought leaders is that there aren't enough. Since we believe in continuous improvement, we've taken the first step to addressing this issue. With our elegant "DevOps Thought Leader" shirt anyone can be part of the DevOps intellectual elite.
When you want to win, you don't attack where your opponent is strongest; you hit them where they're weakest. Quarterbacks throw to the receiver covered by an injured corner, bike thieves look for the bike with the weakest chain, and lions drag down the wildebeest at the back of the pack. The larger the surface area, the more likely there is to be variation in the strength of defense, and the larger the difference between the strongest and weakest points.
In theory, DevOps is good for every business. But if there's one thing I've learned from talking to people in the DevOps community, it's that theory doesn't always translate perfectly to reality. Theory is an advertisement; reality is a data set. That's why ScriptRock partnered with Microsoft to sponsor a DevOps study from Saugatuck Technology.
There’s no right place to start with DevOps, but there are reasons that different people choose to start. There are also ways of communicating that make it more likely to take succeed in your organization. Being aware of the people you are talking to and the processes they work within can make your DevOps experiments more likely to grow into a business-wide culture.
Imagine this — you're rolling out a new version of your web app. Works great in the dev environment, and it's been signed off on in staging, so it gets rolled out to production. Things seem fine, so you call it a night.
Then the support requests begin flooding in. Something's broken somewhere, and it's not immediately obvious how. Performance monitor shows the machines are running well, so it can't be that. Ah well, better crack one of those neon-colored energy drinks, it's time to roll back and log into these machines to look through logs and config files for a potential cause. "How could this be happening," you ask, "I mean... these machines are all configured the same, right?"
Today we're proud to show one of our newest features to GuardRail: support for your CloudFlare powered website. As a next-generation CDN (Content Delivery Network) CloudFlare makes your site faster to load, optimizes your content, provides a swathe of ridiculously powerful and easy-to-understand security mechanisms, exclusive analytics insights and even an app marketplace. To give you an idea of just how big this Cisco combatant has become:
- Over the past 3 years, CloudFlare has grown 450% and is currently adding 5,000 new clients a day
- Handles 5% of all web traffic. You've probably used the network hundreds of times in the last 24 hours
- Has fought on the front line protecting websites from some of the internet's largest, high-scale DDoS attacks recorded at 400 gigs/second
Adding your CloudFlare site to GuardRail is easy and enables you to discover, track and control all of your CloudFlare DNS and Zone configuration settings including A, CNAME, MX and SPF records.
Having just started working for ScriptRock as a software engineer my journey understanding GuardRail and its place in the IT automation ecosystem is just beginning. This places me in a unique position to provide a series of blog posts that will start from the ground up in getting started with GuardRail. Today we'll work through the steps required to connect and scan a Ubuntu linux server using SSH.